CVE-2023-1454

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-1454

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-1454.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-1454

Aliases

GHSA-j72f-4hgp-3mwc

Published

2023-03-17T07:15:13Z

Modified

2024-10-12T10:27:34.976869Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A vulnerability classified as critical has been found in jeecg-boot 3.5.0. This affects an unknown part of the file jmreport/qurestSql. The manipulation of the argument apiSelectId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223299.

References

Affected packages

Git / github.com/jeecgboot/jeecg-boot

Affected ranges

Type: GIT
Repo: https://github.com/jeecgboot/jeecg-boot
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

42eedcd3b32fe314f985e98521f42745cc5bdaad

Affected versions

2.*

2.2.0

2.3.0

2.4.0

2.4.1

2.4.5

v2.*

v2.0.2

v2.1.0

v2.1.1

v2.1.2

v2.1.3

v2.1.4

v2.2.1

v2.3

v2.3.0

v2.4.1

v2.4.2

v2.4.3

v2.4.5

v2.4.6

v3.*

v3.0

v3.0.0

v3.1.0

v3.2.0

v3.3.0

v3.4.0

v3.4.2

v3.4.3

v3.4.3last

v3.4.4

v3.4.4last

v3.5.0